Recognising the many differing viewpoints on enterprise risk management is fundamental to embedding the process successfully says Peter Atkin

Opportunities and efficiencies arising from enterprise risk management (ERM) are widely recognised and advocated. Why, then, are some organisations not yet fully embracing the process? Why do strategies for embedding risk management sometimes come off the rails?

The key to anticipating such matters is understanding the different perspectives which exist on risk management. While high-level overviews are important in devising appropriate implementation strategies, management viewpoints also need to be taken into account.

Adequate consideration given to the perspectives of senior management teams will maximise the chances of successfully embedding an effective system. Human as well as organisational issues must be addressed. Failure to identify material issues and to address them satisfactorily at the outset invariably results in unnecessary hurdles to implementation.

Identifying the hurdles
Many best practices for risk management and internal control systems are detailed in corporate governance codes, risk standards and guidance notes. These overlie complex regulatory and contractual compliance obligations. Even independent assurance and inspection processes are highly structured. All this detail is not a natural starting point for convincing busy management teams that ERM is a straight-forward, value-adding business process. So what is to be done?

Most businesses generally embrace risk management willingly, once they are clear as to the benefits, cut through the jargon and understand what is required of them. Process-based businesses have particularly valuable internal disciplines upon which ERM can easily be grounded. However, there will inevitably be some functional or business areas which will shy away from active involvement in change. For the risk management practitioner, evidence of silo management signals that without positive intervention or ongoing care, an ERM roll-out may stall.

Executive sponsorship
Sponsorship from the senior executive team is a well-known prerequisite to effective ERM. Yet, even achieving this process-critical milestone depends upon first identifying those issues which will convince the entire team to approve the roll-out and actively support it.

Winning over a key senior individual will get ERM off the mark in an organisation. However, if peer-to-peer adoption and, thus, an enthusiastic cascade of the process do not follow, the effectiveness of the process a year or so later is under threat. This is the very time when benefits are likely to start to flow.

Would a CFO logically respond to promoting and operating the ERM process within the finance team in the same way that a business development director might do within the creative, sales and marketing teams? What about the CEO's attitude? Each individual will have different perspectives and objectives for integration with their own processes. The business' ERM strategy must recognise this to an appropriate degree in order to improve its prospects for success.

Natural allies
ERM project roll-out must ensure that the day-to-day responsibilities continue to be addressed. Resourcing the project adequately is thus a challenge in itself. Natural allies for risk managers seeking to promote ERM include planning, insurance, compliance and assurance functions. Understanding their perspectives on ERM is important to ensure the best use of resources and the optimisation of the respective systems.

But will wider management respond? Are they encouraged to think outside the box or merely to operate within the confines of their responsibilities? Will the business be ready to capitalise upon the enthusiasm and momentum created by ERM? Viewing threats and opportunities from colleagues' perspective demonstrably improves organisation-wide understanding.

Rising to the challenge
To embed an ERM process effectively, it must be designed to take account of the business needs and perspectives of individuals. Management tools and training can be structured to deliver the technical solutions.

With clear process objectives and fine-tuning of the roll-out, ERM can be successfully embedded. Its immediate and ongoing benefits will then be significantly enhanced.

Peter Atkin is managing director of CYCLICK Risk Management Solutions, , Tel: 01403 750057, e-mail:

Aspects to consider when forming an ERM strategy

  • What is the impact of introducing or operating ERM on other management priorities and activities?
  • Is there an understanding of ERM within the business? Will the executive management or board teams need coaching at proposal and interpretative stages?
  • What are the views of those who are charged with ongoing review of the control framework or assurance processes (non-executives, audit or scrutiny committees, auditors, inspectors, etc)? Are they confident that public statements can be substantiated?
  • How is ERM to be rolled out over the longer period? How can it best be aligned with corporate culture? Is the path mapped far enough ahead before starting out?
  • Who is to see ERM data analyses and when? How will success be measured? How will common standards be assured?
  • What tools can be provided to management to implement and accelerate outcomes and to ensure follow-through of actions? Is ERM to be a means to an end or an end in itself?